Page 1 of 14

CGAP Client Protection Due Diligence Checklist: December 2010 Introduction

Many investors are designing, testing, and refining criteria and procedures for incorporating the Client Protection Principles (CPPs) into screening and due diligence. This due diligence checklist draws on peer learning from these initiatives. It was developed in the spirit of sharing what has already been achieved and in response to investors’ requests for a streamlined approach for assessing client protection practices. This checklist is a companion to CGAP’s Implementing the Client Protection Principles: A Technical Guide for Investors.

The checklist includes 12 key questions on client protection to ask when conducting due diligence in the field. The questions are linked to topics often used in screening and due diligence. Minimal guidance for judging the answers to these questions is presented, although some issues may require further investigation.1 The Annex provides guidance for addressing common challenging concerns for assessing client protection practices.

Microfinance investors are a diverse group, and due diligence processes and formats reflect this diversity. Some investors include a comprehensive social performance assessment as part of the investment decision-making process; others view client protection issues as part of risk assessment.2 This checklist does not propose a “one-size-fits-all” approach, and it is not designed as a standalone tool. Instead, it is designed to lower transaction costs by presenting 12 key questions to “add-in” to common due diligence topics.

The due diligence checklist is primarily for investors and funders of retail financial institutions. But others, such as investors considering participating in microfinance investment vehicles (MIVs) and grant funders of apex organizations can use this tool to ensure these funds review client protection practices as part of their own screening procedures. Investors may consider requiring use of the checklist as a condition for their participation in the fund. Investors who outsource their due diligence function can include these topics in the due diligence team’s terms of reference. While developed for microfinance, the checklist is designed to be appropriate for those who invest in any retail financial institution, particularly consumer finance companies.

Finally, a question arises about evaluating practices: isn’t it difficult to assess client protection practices when standards are not clear and are often specific to the market, the product, or type of provider? Some basic minimum standards are emerging for several of the CPPs that are applicable to all markets. The principles on transparency, collections practices, ethics, complaints mechanisms and resolution, and privacy of client data fall into this category. The questions and measures in this checklist regarding preventing over-indebtedness assess efforts, not results. This complex principle generally requires more

1 The Smart Campaign offers a Consumer Protection Assessment Guide, which provides detailed guidance on how

to assess a financial institution’s practices. http://www.smartcampaign.org/tools-a-resources/2/42. CGAP’s Implementing the Client Protection Principles: A Technical Guide for Investors provides value advice about investor experience with the CPPs as part of due diligence, investment committee decision making, and monitoring practices. http://www.cgap.org/p/site/c/template.rc/1.26.11503/. 2For social performance assessment tools see the Social Performance Task Force Web site at

http://www.sptf.info/page/social-performance.

The Client Protection Principles

Avoidance of over-indebtedness

Transparent and Responsible Pricing

Appropriate Collections Practices

Ethical Staff Behavior

Mechanisms for Redress of Grievances

Privacy of Client Data (see www.smartcampaign.org )

Page 2 of 14

analysis than a checklist can provide. Knowledge of the environment, trends, and the influences on the institution are needed to assess the actual level of risk of over-indebtedness. Specific quantitative measures and process indicators for responsible pricing are topics that require more discussion before consensus is reached about minimum standards.3 However, several investors have developed guidelines that set the bar for the current state of the practice.4

This is a living document, we encourage you to use this checklist, field test it and give us your feedback and share experience with others

3 See the notes on CGAP’s virtual conference Responsible Finance: Making It Work in Microfinance, April 12–13

2010, for a discussion of the need for an industry-wide definition of responsible pricing and specific measures. http://virtualconference.cgap.org. 4 See, for example KfW’s Checklist for Promoting Responsible Finance, cited in CGAP, Implementing the Client

Protection Principles: A Technical Guide for Investors.

Page 3 of 14

12 Key Questions

The 12 questions on client protection are organized according to topics used in investors’ screening and due diligence, although formats and organization may differ. The questions are designed to “add in” to interviews and document review. Interpreting the answers to the questions requires engagement; further probing and investigation are often required.

Guidance on good practice and indicators for caution are presented. Some of the CPPs lend themselves to quantitative indicators; others will always be process indicators. Concerns are identified for monitoring and developing a follow-up action plan. Expect financial institutions to show strong performance in some areas, and weaknesses (or nothing) in other areas. The annex provides additional considerations reference by question.

When reviewing a financial institutions’…

Ensure these questions are addressed…

Use caution when… Note good practices when…

Current market environment

1. Is there evidence of intense competition leading to over-heated lending? For example, is it widely known that borrowers have more than one loan with more than one institution?

Regular industry updates are provided on the number and size of financial institutions in the market, and aggregate volume of lending matched to realistic estimates of overall demand levels. For example, Grassroots Capital uses aggregate measures of penetration (total clients with no adjustment for double counting/population), numbers of MFIs operating, and total portfolio per capita) as a first approximation.

Financial institution management is aware of the potential for over-indebtedness and taking action to avoid it. For example, MFIN Initiative in India (association of NBFCs) has adopted a pledge that members will not lend to anyone who has more than three loans already or total amount outstanding of Rs. 50,000.

There is no credit bureau, checking is not required, information is not reliable or current, or most microfinance providers do not belong.

Informal information sharing among financial institutions is deemed unreliable. Even when official statistics are not available, financial institutions note one of

the serious issues they confront is multiple borrowing. Portfolio at risk (PAR), write-off, customer and staff complaints, and loan officer

turnover are increasing from historical trends, especially in several branches. The FI uses credit bureau information to aggressively market to competitors’

Page 4 of 14

customers. Industry-wide performance statistics show high annual portfolio growth rates in

mature, saturated, and competitive markets.

Corporate Governance 2. Is there a board-approved code of ethics that management and staff are expected to follow and a committee dedicated to oversight?5

Board and staff committees address ethics.6 Ethics are regularly monitored by internal audit; whistle blower protection is

addressed.7

The board or a board committee does not consider ethics as part of reputation risk.

Staff are not aware of ethical codes of conduct, rewarded or sanctioned for compliance or violations.

Corporate Governance: Managing Risk and Return

3. How well does the financial institution manage risk and return? What do the financial indicators show?

“A constellation with ROE > 25%, a PAR 30 days of 10%, effective interest rates > 40% and insignificant levels of loan loss reserves would give a first hint to irresponsible lending practices.”8

If MFIs charging medium-high rates are earning ROAs higher than 5% use caution—the MFI may be more focused on financial return than passing on high earnings to reduce interest rates for clients.9

Product Offerings 4. Are prices, terms, conditions and risks of all financial products fully disclosed to the customer prior to sale?

5. Are staff trained to communicate effectively with all customers, ensuring that they

Simple, standard disclosure in marketing material for all products. Loan contracts include a complete amortization table, including all fees. Staff make extra effort to ensure customers with low levels of financial literacy

clearly understand the costs and terms of the product, e.g., using a checklist or reading provisions of the contract aloud, and other communications techniques that work in the context and with the customers.

Customers “opt-in” to linked products, such as credit life insurance.

5 See, the Smart Campaign Web site for good examples of Financial Institutions Codes of Ethics, and “How to Develop an Institutional Code of Ethics,” available

at www.smartcampaign.org.

6 Deutsche Bank’s loan application asks “Does your Board monitor the institution’s performance relative to the Client Protection Principles?” in CGAP (2009)

Implementing the Client Protection Principles: A Technical Guide for Investors, pg 28. Several MFIs that have well-established complaints systems have established “whistle blower” protection, as ethics violations have serious consequences, such as employment termination or legal prosecution. 7 Several MFIs that have well-established complaints systems have established “whistle blower” protection, as ethics violations have serious consequences,

such as employment termination or legal prosecution. 8 KfW Checklist for Promoting Responsible Finance, cited in CGAP, Implementing the Client Protection Principles: A Technical Guide for Investors, pg 25.

9 This guideline is used by Deutsche Bank in their assessment scorecard.

Page 5 of 14

understand the product, the true costs and risks, the terms of the contract, their rights and obligations?

6. Are prices reasonable, fees and penalties not excessive, and bundling of products optional?

Penalties and late fees are disclosed before sale; they are not excessive and do not compound debt to unsustainable levels. (E.g., use of the in duplum rule.)10

Internal audit is tasked with monitoring to ensure standard practices are systematically implemented.

Loan contracts apply a flat rate or do not show installment payment amounts, separated by principal, interest and other fees, or do not include the costs of mandatory linked products. A flat rate in itself is not necessarily a sign of nontransparent pricing. However, if interest rates are presented in this way, extra care should be taken to ensure that an amortization schedule is shared with clients clearly setting out repayments and the full cost of the loan, including the effect of compulsory savings if any.

Fees and penalties are not explained prior to sale (e.g., minimum balances for savings or current account, arrears penalties, debt collections practices—including unauthorized automatic deductions from savings accounts, savings accounts blocked or seized, remittance fees and exchange rates.)

Credit life insurance is mandatory or benefits and costs are not well explained to the borrower.

Loan Underwriting—Credit Approval Process

7. Does the loan underwriting process require an assessment of repayment capacity?

Credit manuals include specific guidelines and ratios for the percent of net disposable income for borrower debt service according to installment interval or debt thresholds. For example, FMO sets guidance that the installment should preferably be below 30% but should not be above 50% of disposable income.11 Triodos uses guidelines that differentiate ratios by credit product, for example for consumer lending an installment/disposable income ratio of 20–30%, for microenterprise lending 50–70%.12

Cash flow formulas include adjustments for errors, or over optimistic estimates, and low or high season estimates when relevant.

Local business norms include pledges regarding refraining from lending to clients who already have borrowed from others.13

10

FMO Guidelines for Consumer Finance as cited in CGAP, Implementing the Client Protection Principles: A Technical Guide for Investors, p. 24. 11

FMO Guidelines for Consumer Finance as cited in CGAP, Implementing the Client Protection Principles: A Technical Guide for Investors, p. 10. 12

Interview with Triodos investment officer 13

E.g., see the MFIN Initiative in India, cited above. Example provided by Grassroots Capital.

Page 6 of 14

Management information system (MIS) is used to track borrower late payments to determine credit risk and any increases in the loan amount.

Collateral, guarantees (peer, co-signer, or physical collateral) are the sole criteria for loan approval.

Loan evaluation relies on assets that may inflate the balance sheet, allowing for more debt than prudent cash analysis would permit.

MIVs are advised to conduct a review of a random sample of credit files to ensure that the files back up the credit assessment policies. Good policies may not translate into good practice.

Bad-Debt Management Practices

8. Is there a sound loan restructuring policy requiring the number and amounts of rescheduled loans to be clearly reported and designated a higher reserve rate?

9. Are acceptable and

unacceptable debt collection practices clearly spelled out in a book of staff rules or debt collection manual?

Credit manuals clearly identify steps in the collection practice; internal audit monitors practices.

Debt collection is a standard process, follows the code of ethics, and involves the legal department.

Collections agents are trained in ethical dilemmas of the job and ethical practices they are expected to follow.

Credit products feature liberal rollover of debt that are not captured as loan restructuring.

Rescheduled loans are not reported separately; provisions are not adjusted for increased risk.

Debt collection is ad hoc, deceptive, or abusive. A “zero delinquency” policy can have negative repercussions on debt collections

practices.

Human Resources 10. Do productivity targets and incentive systems value portfolio quality at least as highly as growth?

Loan officers and decision makers are held responsible for the quality of the loan.

PAR is used as an “entry pass” to receive a bonus.

No one can clearly describe how the incentive system values portfolio quality over growth.

Incentives reward growth (customers or portfolio). The incentive bonus substitutes for a living wage.

Page 7 of 14

Customer Service 11. Is there a mechanism to handle customer complaints that is actively used and has a dedicated staff?

Customers are informed of their right to complain and are actively encouraged to do so.

Various channels exist for customer feedback and complaints receipt. Internal audit checks customer receipt of information about the complaints

procedure. Complaints are tracked, monitored for timely and unbiased resolution, and used

to improve products and services.

Suggestion boxes are the only means to solicit complaints. Unless there is abundant evidence that suggestion boxes are actively used, they are not considered effective mechanisms.

Resolution of complaints is not regularly tracked or monitored by internal audit or another monitoring unit.

IT Security and Data Privacy

12. Does the financial institution have a written privacy policy that requires staff to explain how clients’ data will be used and seek their permission for use?

Clients know how their information will be used (e.g., credit bureaus, marketing campaigns, reports to funders, insurance providers, and other third parties.)

Written permission is sought before sharing client data with any outside party. Data privacy is compliant with the law.

Client data are shared with third parties without verbal explanations or written permission. For example, complete data are shared with insurance companies rather than the minimum required for obtaining a policy; no permission is sought for photographs used in marketing campaigns or funder reports.

Clients are not informed that the financial institution consults with other lenders on an informal basis.

Page 8 of 14

Annex 1: Frequently Asked Questions and Tips

Certain consumer protection topics do not fit neatly into a checklist; they often require more interpretation and subtle analysis. This Annex explores the questions as numbered in the previous table and provides guidance on how to assess challenging consumer protection issues.

Question 1: The Current Market Environment

How do you really know about the level of over-indebtedness until the bubble bursts? Red flags are often ignored when the focus is on an individual institution, excluding the context, or when investor confidence soars buoyed by growth. Look beyond the individual financial institution and analyze these red flags in context: Rapid annual portfolio growth rates, in highly competitive and saturated markets. Analyze the

maturity of the financial institution and the market. Mature financial institutions in mature markets do not have exponential portfolio growth rates, often 5–10% during normal times. During economic downturns, a financial institution may have decreasing portfolios and numbers of borrowers.

Review the number and size of MFIs in a particular market, the aggregate volume of lending, and the estimates of overall demand levels.

Combine macro-level analysis with micro-level analysis, interviewing loan officers and clients on lending behavior and evidence that there may be over-lending.

High PAR and aggressive write-offs, industry-wide. Examine historical trends. A 2–3% increase in historical performance across the industry is an early warning sign.

Multiple borrowing by clients from multiple institutions. Even in the absence of official statistics, financial institutions can generally provide an estimate of the number of borrowers who have multiple loans.

Is abundant debt funding accessed to support more growth, leading a buoyant cycle among various financial institutions and investors? Review the financial institution level measures. Over-stressed risk management systems (high growth in new staff, outdated MIS, growth outpacing internal control systems, and erosion of credit discipline)14 are causes for concern.

Review staff turnover levels, particularly at the mid-management level and among loan officers. High turnover, above 10% within staffing categories, signals a change within the organization. This is a particular concern at the senior and mid-management and loan officer levels. Is there evidence that new staff are up to par with new products and service lines and can respond to the pressures of growth? Look at the training available.

Is internal control/internal audit adequately staffed? Is an internal auditor assigned to each branch? Ensure the MIS is current and responds well to new business lines or sheer volume. One financial

institution may experience difficulty, but a market leader may present systemic risk. Look at the last time the MIS was updated. Does the MIS produce timely and accurate information? How long does it take the financial institution to report performance? Performance reporting beyond 10 days for small financial institutions is less than adequate. Daily reporting for larger or mid-sized financial institutions is appropriate.

A market where all financial institutions provide the same microfinance product, and use the same systems, has the potential to rapidly inflate the bubble. Know competitors’ business and performance. Inadequate loan evaluations, rigid products, high-volume targets, incentives that reward growth over quality, and high competition in a saturated market can drive borrower over-indebtedness systemically.15

14

CGAP, “Growth and Vulnerabilities in Microfinance,” Focus Note 61, February 2010. 15

Smart Campaign, Center for Financial Inclusion, Conducting Client Protection Assessments: A Guide (Feb 2010)

Page 9 of 14

Is there a tool or a checklist that provides current contextual assessment specifically regarding client protection? Refer to the Smart Campaign’s “Conducting Client Protection Assessment: A Guide,” which is available at http://www.smartcampaign.org/tools-a-resources/2/42. The client protection context table is found on page 4. Questions 2 and 3: Corporate Governance—Managing Risks

Do any aspects of existing funding agreements create pressure on growth, such as unrealistic outreach, portfolio growth, and return expectations? Where does the pressure come from—the financial institution’s policy or from investors outreach and growth expectations? This is a fundamental question for investors. Expectations of scale, market share, and time frames for growth and profitability may push practices that do not benefit sustainable growth, lead to perverse incentives, or send mixed messages. Red flags that investor expectations drive unsustainable growth: ROE expectations remain the same despite economic downturns. If projected ROE does not drop

with adverse developments, management and the board must justify. Investor confidence of continued growth is buoyed by rapid outreach and increasing portfolio size.

Management and the board should be able to justify why extraordinary growth should be permitted.

The financial institution is highly leveraged and has not developed appropriate assets and liabilities management systems. Generally, following the capital asset ratio (CAR) guidelines for the size, form, and services permitted by different financial institutions within the local jurisdiction is acceptable. Following the national industry CAR guidelines is appropriate when combined with monitoring new developments. For example, the central bank may be considering the appropriateness and safety of the CAR guidelines given current developments. For example, India increased CAR from 10% for nondeposit taking MFIs to 12% by April 2009 and 15% by April 2010, based on concerns that the credit MFIs were too highly leveraged, and relying on short-term funds to finance long-term assets.

Investors have not reviewed management systems, internal controls, or staffing patterns since the onset of rapid growth. Substantial investments in systems development, maintenance, or staffing may be required to support sustainable growth.

How do these recommendations respond to good governance best practices? Good governance best practices for financial institutions require a board-level credit committee (or

credit and risk committee) and a compliance committee that includes ethics. The compliance committee is often referred to as a Compliance and Ethics committee, which

reflects the financial institutions intent to ensure ethics is an essential element of compliance with laws, standards, and regulations. Other financial institutions have designated board-level ethics committees. Either system appears to work well.

Questions 4, 5, and 6: Transparency and Responsible Pricing

What about communicating the total cost of the product to the customer instead of using an APR or similar formula when such “truth in lending” requirements are not part of the regulatory framework? In the absence of industry wide APR requirements, full disclosure of all prices, terms, and conditions is acceptable. Caution: When some providers are required to use APR pricing formula (such as licensed regulated financial institutions) and others are not (e.g., NGOs, credit unions and village banks) patchy coverage and perverse incentives may undermine the regulation. Transparency laws, such as use of an APR or similar formula, work only when all microfinance providers comply at the same time.

Page 10 of 14

What about situations where no one (clients or MFI) understands how to calculate or interpret APR or similar formula? Customers often prefer a complete list of all costs associated with a loan, and amounts they will earn on savings accounts—not a percentage. This method is easier to understand. When APR is commonly used customers become familiar with what it means and use it to compare products. APR or similar method has long-term benefits for the industry—it tends to drive down prices, and customers become more accustomed to using it. In the meantime, many financial institutions use APR or similar formula in all contracts to comply with the law, and complement the loan contacts with a complete amortization schedule—including linked products—and a savings product description that shows interest income in monetary values, not percentages. What about an environment where no financial institution is required to follow full disclosure? Engage with policy makers around this issue. Investors can underestimate the influence they have through policy dialogue. Include networks and associations: members have an interest in ensuring good practices are rewarded and rouge players are sanctioned. Why is full transparency and disclosure considered an “entry pass” for responsible pricing? At a minimum responsible pricing relies on full disclosure by the seller to enable a customer to make informed decisions. If the financial institution scores poorly on full disclosure, it cannot score well on responsible pricing. Question 7: Loan Underwriting—Credit Approval Process

Should investors provide technical advice to financial institutions on credit evaluation processes, or be in a position to evaluate effective ones that respond to CPPs? The current advice is to be in a position to evaluate effective loan underwriting processes that guard against over-indebtedness. What are the current best practices in loan underwriting to avoid over-indebtedness? The loan evaluation process is critical to preventing over-indebtedness. There is no one standard—debt repayment capability depends on the product, the business, and whether it is a group or individual loan. However, the financial institution should have a methodology to assess borrower’s ability to repay that can be judged and that is systematically applied, monitored, and always applied conservatively.

The critical issue is for financial institutions to assess a client’s estimated disposable income (EDI): EDI = Net Monthly (or weekly) Income – Net Monthly (or weekly) Outgoings (including household expenditure and existing credit commitments).

Investors expect the financial institution to have guidelines for the percentage debt service (the amount borrowers will have to repay in that period, including capital and interest) compared to EDI. FMO sets guidelines for acceptable affordability levels that range from instalments between 30 and 50 percent of disposable income. Triodos advises setting guidelines by type of credit product; the instalment/EDI would typically be lower for consumer credit (20–30%) but higher for microenterprise lending (50–70%).

The financial institution should make lending decisions based on cash flow analysis and not rely on assets, which may inflate the balance sheet and allow for more debt than prudent cash analysis would allow.

The financial institution should ensure that guarantees (whether they are co-signers, collateral, group solidarity guarantees, or guaranteed through mandatory savings and other means) are not the sole qualification for loan approval.

Page 11 of 14

What about solidarity group guarantees as the sole qualification for a loan? Review group membership policies to verify that groups are self-selected based on character, not

collateral; how do group members assess how many groups one borrower joins? How does the MFI train groups to assess the repayment capacity of their members? Good practice

methodologies provide training for groups to assess cash flows of common businesses, while the credit officer provides a supervisory role.

Group guarantees can be assessed positively, if they are not the sole means used for loan approval. Use caution with these red flags: There is high turnover in group membership, particularly among the officers Groups do not require at least two members to make deposits into joint savings accounts Group members come from outside the community. The financial institution’s MIS detects “hidden default” within the group, providing an early warning

sign that group repayment discipline may be deteriorating. Questions 8 and 9: Bad-Debt Management Practices

Isn’t it hard to verify consistent collections practices throughout the institution? Verifying consistent practice organization-wide is difficult. The key is to look at the systems. Look for: A Code of ethics that incorporates guidance on appropriate collections Training for collections agents in implementing the code. A manual includes a set of standard actions, timeframes, and personnel responsible. A step-by-step

process in the hands of legal professionals mitigates ad hoc collections by pressured loan officers Awareness at the highest level of governance, such as Board committees charged with overseeing

reputation risk and/or ethics Internal audit regularly monitors collections practices.

Answers to these questions help determine consistent practice: Is there a system or procedure with someone in charge of quality control? How are collections agents held accountable for following the system? Is the system monitored by a specific person, or department, such as internal control or internal

audit departments or the credit department manager, or an ethics committee? What happens when the system or procedure is ignored? How regularly is the system reviewed and revised? What information is used? Is there consensus about the separation of credit origination and collections? There is no consensus about the separation between credit origination and collections. However, many financial institutions consider this separation good practice. Specialization appears to have better results with collections as well as appropriate collections

practices. Specialization confers standardization, and a systematized practice, often under the legal department or specialized collections department. They follow the law, are trained in appropriate practices consistent with the financial institution’s code of ethics, and are generally less vulnerable to ad hoc practices by credit officers.

For this system to work well, all loan originators and the decision makers must be held accountable for the quality of the loan at the point of origination.

What about use of 3rd party collections agents? Use of 3rd party collections agents is not necessarily bad practice. The analyst should (1) Assess the value the arrangement adds to the financial institution’s human resource base rather than a convenient collections arrangement that may employ collections practices that may violate the financial institution’s ethical standards; and (2) Look for strict

Page 12 of 14

requirements of 3rd parties to adhere to the institution’s code of ethics, and orientation to the code for 3rd parties. Good practices include: Recording client interviews during debt collections and robust complaints mechanisms that encourage delinquent clients’ usage. Question 10: Human Resources—Incentives Systems and Productivity Targets

What kind of behavior do loan officer incentive bonuses really promote? The incentive system drives what products get sold to whom. If portfolio size is part of the incentive system, larger loans will be made; outreach as part of the incentive system encourages multiple borrowing from multiple institutions (in competitive markets). Quality as part of the incentive system generally tempers these influences. Always review a demonstration to verify that quality is indeed rewarded at least as highly as growth. It is not as apparent as it seems. Many incentive systems reward growth directly, or by default, for example by using end of the month performance which encourages high disbursements at month’s end to reduce PAR. Loan officers who are focused on responsible borrowing, the incidence of multiple loans and borrower affordability are factors that temper growth at the expense of quality. But the incentive system or productivity targets must be structured to reward this focus.

Some examples of good practices are:

Portfolio quality is the “entry pass” for any incentive bonus (e.g., PAR 30 <3%). Some financial institutions have used bonus requirements that include PAR 8–30 days, less than 6%; 31–90 days less than 5%, portfolio assigned to collections department after 120 days, less than 1%. Any incentive is suspended if the % of the portfolio assigned to collections department is greater than 1%. The bonus is discounted on a sliding scale until it reaches 0, where the full bonus is awarded.

Equally weighted factors in the incentive system (e.g., meeting targets for client growth 30%, meeting targets for portfolio growth 30%, meeting targets for portfolio quality 30%, meeting customer service standards 10%, which includes a bonus for ethics and customer service). Caution: are the specific targets reasonable within the current market conditions?

An incentive system that is balanced between current outstanding loans and new or renewed loans; new credit officers and experienced ones, regions (highly economically active and those that are depressed).

Incentive systems that regularly record progress toward reaching the end-of-month targets during the month helps the credit officer and management to monitor growth and quality patterns.

Branch or unit—not individual incentives—are growing in popularity. These branch level incentives focus on quality (e.g., PAR, profitability, customer service, and uptake of noncredit products and services.) These systems are most often seen in financial institutions that provide services and products in addition to credit. The use of a branch or unit level incentive system requires that credit officers’ salaries are competitive without an incentive bonus that complements the basic salary.

Question 12: Security and Data Privacy

What about individual privacy concerns in group lending and savings? What about groups where all members know account balances, disbursement times and savings are often kept in a joint account? Group members generally know each other well, and know about members’ income streams and financial health. Yet, individual privacy concerns in groups remain an issue. Current guidance is that information must be kept within the group. Also look for evidence that group training covers the importance of security and privacy of individual group members, access to joint savings accounts, and safety procedures for disbursements. (Refer to cautions in Question 7 above. They are relevant here.)

Page 13 of 14

General Questions

Does consumer lending go against good client protection practices? Consumer lending products are important for the majority of the population. Consumer lending raises specific issues, but it can be done responsibly. Consumer lenders are often required to do more to assess debt capacity of borrowers. Several investors establish limits on consumer lending as a percentage of the overall portfolio. They require more and more accurate scrutiny, such as careful review of the policies, collateral requirements, and debt capacity assessments of borrowers. The line is often blurred among consumer lending, consumption lending and small and microenterprise lending. Any investigation of consumer lending, should have an accurate definition. Is client protection good credit and reputation risk management or is it social performance management (SPM)? Doesn’t an institution’s social mission to serve the poor automatically include client protection in the mission? Client protection is a core part of SPM; it is also a core part of good credit and reputation risk management. Socially responsible financial institutions and their investors, as well as their commercially driven counterparts, cannot afford not to pay attention to client protection, risk management and long-term relationships with customers.

Some investors will prefer to incorporate the CPPs into a standard due diligence process to ensure client protection is covered with all investments; others will prefer to assess the CPPs as part of Social Performance assessments as they have become standard procedure within the funding agency. Overall, the first option appears to have the greatest chance of ensuring comprehensive coverage and efficient procedures.

Research findings show that more formal financial institutions, such as banks and credit unions tended to have better overall client protection practices than less formal organizations, such as NGOs. The reasons include compliance with formal regulation in other areas tends to spillover into client protection, regulated institutions have developed compliance systems and procedures widely throughout the agency, monitoring and internal audit are especially vigilant, reputation risk is formally considered at the senior management and board levels, and many have developed good customer service departments including complaints handling and resolution mechanisms.16 Good client protection practices do not appear to be directly related to an institution’s mission to serve the poor. A mission to serve the poor can be trumped by expectations of growth, higher levels of profitability and winning a competitive edge. Short-term focused performance can emphasize market share or cost reduction measures to the detriment of paying prudent attention to customers. Good client protection practices are directly linked to the financial institution's mission to serve customers well, regardless of their economic status. How do you assess regulatory compliance? What about when regulatory compliance falls below the standards proposed here? All institutions must be in compliance with the appropriate regulatory and legal frameworks to meet a minimum standard. However, compliance with an inadequate law (e.g., transparency or financial disclosure requirements or information sharing that requires or restricts data security) is generally given an inadequate rating.

A bank secrecy law that prohibits formal information sharing of client data often leads to informal information sharing among institutions. Several financial institutions have not endorsed the CPPs since they cannot comply with the principle of obtaining client consent for sharing information. The principle

16

Smart Campaign, Beyond Codes action research findings. Reference Expert Dialogue Group, November 2009.

Page 14 of 14

does not require information sharing. Rather, the emphasis is on informing customers about how their information will be shared and seeking client permission for use of that data.

If a financial institution is not transparent with customers about how information is used, does this break or contravene the law? Investors should expect higher standards if implementation of these standards do not break the law or contravene it. This does not mean investors should not work in these markets; these circumstances may call for more active work with policy makers on financial disclosure, bank secrecy laws or establishing credit bureaus and other financial infrastructure, if this is within the willingness and capacity of the investor team. What kind of action plan should I expect? The action plan should be designed based on the assessment of financial institution vulnerabilities and strengths. To date, action plans have been voluntary and are not included in loan covenants. Action plans have been directed towards learning from experience and establishing a business case for client protection practices. They can either focus on addressing vulnerabilities or shoring up strengths.

Experience to date shows that the complaints handling and resolution process within the financial institution is the most popular action. A strong business case can be made for such an initiative, as it directly responds to customer service and risk management. Another popular initiative is revising credit evaluation procedures or metrics. This again responds to a win–win scenario by reducing credit risk for the institution and client over-indebtedness. Debt collections practices are another area where action plans are chosen by the financial institution. As with the two previous examples, debt collections practices respond to a significant risk—reputation risk. The most difficult action plans deal with transparent pricing, when there is no legal or regulatory framework to ensure compliance within the industry, and responsible pricing.17 Privacy of client data is an area that is particularly relevant for those contexts where conflicts between the law and the practice are noted. However, policy advocacy industry-wide is the first step to ensure effectiveness of any individual financial institution action plan in this area.

17

Smart Campaign, Beyond Codes action research findings. Reference Expert Dialogue Group, November 2009.